The invention pertains to a process for securing a 
communication between a recognition device and an 
identification unit able to communicate with the 
recognition device in such a way that the recognition 
5 device can authenticate the identification unit so as 
to instruct the unlocking of openable panels of a 
vehicle and/or permit the starting of a vehicle. 

Such a recognition device together with an 
10 identification unit constitutes a so-called «hands- 
free» access system. In such an access system, the 
recognition device transmits a signal consisting of 
data to a certain distance around the vehicle. When the 
user carrying the identification unit is located within 
15 the field of transmission of the signal, he transmits 
response data. If these response data are recognized by 
the recognition device, it instructs the unlocking of 
openable panels of the vehicle and/or permits the 
starting of the vehicle. 

20 

Thus, the user can unlock the openable panels of his 
vehicle without having to manipulate any key or remote 
control: the simple fact of carrying or wearing an 
identification unit, which may be a badge, allows him 
25 to see his vehicle be unlocked. 

Figure 1 represents an example of an exchange of data 
between a recognition device and an identification 
unit. This exchange of data is generally referred to as 

3 0 a recognition protocol. It follows a predetermined 
sequence consisting for example of an authentication 
phase AUT and of an antipirating phase ANP . The 
authentication phase AUT comprises a step of 
initialization or wakeup step RE, a request step RQ, an 

3 5 anticollision step ANC, a selection step SE and 
possibly a response step RP . The antipirating phase 
comprises steps of transmitting transmission data PI 
and of receiving response data P1R. The response step 
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RP may possibly be combined with the antipirating phase 
ANP . 

In such a system, the two-way communication in the form 
5 of an exchange of data between the recognition device 
and the identification unit is generally aimed at 
enabling the recognition device to authenticate the 
identification unit, on the one hand by verifying its 
signature and on the other hand by evaluating a 
10 reaction time in the exchange of data. 

The objective of evaluating a reaction time is to 
detect pirating by repeater: if a first pirate, 
furnished with a first transmitter/receiver relay, 

15 located in proximity to the vehicle, is in touch with a 
second pirate, furnished with a second 

transmitter/receiver relay located in proximity to the 
bearer of the identification unit, the two pirates are 
able to trigger an exchange of data between the 

2 0 recognition device and the identification unit, 
unbeknown to the bearer of the identification unit. 

This being so, the repeater thus constructed 
necessarily increases the reaction time in the exchange 

2 5 of data between a recognition device and the 

identification unit. By evaluating a reaction time, a 
recognition device can therefore detect pirating by 
repeater, and thus not instruct the unlocking of the 
openable panels of the vehicle. A recognition device of 

3 0 this type is known in particular through the document 

DE 198 02 526. 

Figures 2a to 2d are graphical representations of an 
exchange of data between a recognition device such as 
35 that disclosed in the document DE 198 02 526 and an 
identification unit in the presence of a pirate relay. 

In particular, Figure 2a represents versus time the 
data transmitted by the recognition device. 
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The expression «reference event R» refers to any event 
of the recognition protocol identifiable as a cue by a 
pirate relay. 

5 

The recognition device transmits a transmission 
datum PI to the identification unit after an 
initialization time To defined with respect to the 
reference event R of the recognition protocol . After 

10 receipt of a response datum P1R, the recognition device 
transmits a transmission datum P2 . The time interval T 
between the transmission of two successive transmission 
data PI and P2 is fixed and is greater than the 
reaction time Tr between the transmission of the 

15 transmission datum PI and the reception of a response 
datum P1R in such a way as to avoid an overlap between 
response P1R and transmission P2 data. 

Figure 2b represents versus time the data PI, P2 , P3 
20 sent to the identification unit after an outward 
journey to the pirate relays. This figure depicts the 
outward journey time Atl of the transmission data to 
the pirate relays. 

25 Figure 2c represents the time evolution of the response 
data P1R, P2R, P3R returned by the identification unit 
to the recognition device after it has been processed. 
The lag Tl corresponds to the time for processing the 
transmission datum PI by the identification unit. This 

3 0 processing time Tl is constant and is known by the 
recognition device. 

Figure 2d represents the time evolution of the response 
data P1R, P2R, P3R picked up by the recognition device. 
3 5 The time At2 represents the return journey time of the 
response data in the pirate relays. The time Tr 
represents the reaction time between the transmission 
of the transmission datum PI and the reception of the 
response datum P1R. 
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To detect the presence of a pirate relay, the invention 
disclosed by the document DE 198 02 52 6 proposes that 
the reaction time Tr between the transmission of the 
5 transmission datum PI and the reception of the response 
datum P1R be measured. 

When a pirate relay is present in the exchange of data, 
the reaction time Tr is equal to the addition of the 

10 processing time of the identification unit Tl and of 
the outward and return journey times Atl, At 2 in each 
pirate relay. When this reaction time Tr is greater 
than a predetermined threshold, the recognition device 
does not permit the unlocking of the vehicle. 

15 Generally, the predetermined threshold is slightly 
greater than the processing time Tl of the 
identification unit since the speed of movement of the 
data is negligible. 

2 0 However, such a system does not afford a sufficient 

degree of security. Specifically, to avoid being 
detected, the pirate relay can during a first exchange 
of data measure the duration of the initialization 
time TO, of the time interval T, and possibly the 
25 amplitude and frequency characteristics of the data 
PI, P2, P3 . Then during a second exchange of data, the 
pirate relay can send a datum PI early, advanced by the 
time introduced by the journeys of the data in the 
pirate relays so as to compensate for the lag due to 

3 0 the journey in these relays. 

Figures 3a to 3d are graphical representations of an 
exchange of data between a recognition device and an 
identification unit in the presence of a recorder 
35 pirate relay. 



In particular, Figure 3a represents the time evolution 
of the transmission data PI, P2 , P3 transmitted by the 
recognition device during a first exchange of data. 
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An exchange of data is defined as an interrogation of 
the identification unit by the dispatching of the 
recognition protocol by the recognition device. 

5 

During the first exchange of data illustrated in 
Figure 3a, a recorder pirate relay captures the 
transmission data PI, P2 , P3 and records the 
initialization time TO, the time interval T and also 
10 possibly the amplitude and frequency characteristics of 
the data. 

During a second exchange of data illustrated in 
Figure 3b, the pirate relay triggers the exchange of 

15 the data corresponding to the phase of 
authentication AUT of the identification unit. When 
this phase has terminated and after a time interval Tp 
defined with respect to a reference event R, it 
dispatches a transmission datum Pie which it has 

2 0 recorded during the first exchange of data. The time 
interval Tp corresponds to the time interval TO 
previously recorded less the outward and return journey 
times Atl + At 2 in the pirate relays. 



25 Figure 3b represents the time evolution of the 

transmission data Pie, P2e, P3e dispatched by the 

recorder pirate relay during the second exchange of 
data . 



3 0 The advancing of the antipirating phase ANP with 
respect to the authentication phase AUT is not detected 
by the identification unit since on the one hand the 
latter does not know the time interval TO and since on 
the other hand unlike the identification code, the 

35 pulse PI is not modified with each exchange of data 
between the recognition device and the identification 
unit . 
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Figure 3 represents the time evolution of the response 
data PleR, P2eR, P3eR returned by the identification 
unit after they have been processed. The lag Tl 
corresponds to the time taken to process the response 
5 datum Pie by the identification unit. 

Figure 3d represents the time evolution of the response 
data PleR received by the recognition device. The 
reaction time Tr is equal to the processing time Tl of 
10 the identification unit. Consequently, the presence of 
pirate relays can no longer be detected and the 
so-called «hands-free» system is no longer sufficiently 
secure . 

15 The purpose of the invention is to provide a more 
reliable security process. 

To this end, the subject of the invention is a process 
for securing a communication between a recognition 

2 0 device and an identification unit able to communicate 

with the recognition device by a data exchange 
determined by a recognition protocol, one of these 
items of data corresponding to a reference event, the 
process communicating in such a way that the 
25 recognition device can authenticate the identification 
unit so as to instruct the unlocking of openable panels 
of a vehicle and/or permit the starting of a vehicle 
and furthermore comprising: 

after an initialization time defined with 

3 0 respect to the reference event (R) of the 

recognition protocol, a step of transmission by 
the recognition device of at least two 
transmission data, 

a step of transmission by the identification 
35 unit of at least two response data in response 

to the transmission data, 

a step of measuring a reaction time between the 
transmission of a data item and the reception 
of a corresponding response data item by the 



recognition device, and a step of verifying 
that the measured reaction time is less than a 
predetermined threshold 
wherein the time interval between the transmission of 
two successive transmission data and/or the 
initialization time are/is made to vary. 

The invention will be better understood in the course 
of the detailed explanatory description which will 
follow with reference to the figures in which: 

Figure 1 diagrammatical ly represents an 
exemplary recognition protocol, 

Figures 2a to 2d are graphical representations 
of an exchange of data between the recognition device 
and the identification unit in the presence of a pirate 
relay, 

Figures 3a to 3d are graphical representations 
of an exchange of data between the recognition device 
and the identification unit in the presence of a 
recorder pirate relay, 

Figure 4a represents the time evolution of the 
data transmitted by a recognition device according to a 
first embodiment of the present invention during a 
first exchange of data, 

Figure 4b represents the time evolution of the 
data transmitted by a recognition device according to a 
first embodiment of the present invention during a 
second exchange of data, 

Figure 5 represents the time evolution of the 
data transmitted by a recognition device according to a 
second embodiment of the present invention during an 
exchange of data, 

Figures 6a and 6b represent the time evolution 
of the data transmitted by a recognition device 
according to a third embodiment of the present 
invention during an exchange of data. 

The security process according to the present invention 
causes at least one of the characteristic parameters of 



- 8 - 

the transmission data PI, P2 , P3 and/or of the response 
data P1R, P2R, P3R to vary in a random manner with each 
exchange of data and/or within one and the same 
exchange of data. 

5 

The characteristic parameters of the transmission data 
PI, P2, P3 and/or of the response data P1R, P2R, P3R 
are the time interval between two successive data T, 
the initialization time TO, the frequency of the 
10 carrier, the width of the data when the data are 
transmitted in the form of pulses and the coding of the 
response data. 

Only those embodiments in which the time interval 
15 between two successive data T and the initialization 
time TO vary have been described in the present 
description. However, the present invention is in no 
way limited to these embodiments. 

2 0 Furthermore, it is possible to vary several 
characteristic parameters with each exchange of data 
and/or within one and the same exchange of data. 

Moreover, these parameters may vary randomly or 

2 5 according to a predetermined sequence. 

According to a first embodiment of the present 
invention, the initialization time TO varies with each 
exchange of data between the recognition device and the 

3 0 identification unit. 

Figures 4a and 4b represent the time evolution of the 

transmission data PI, P2 , P3 dispatched by the 

identification unit during a first and a second 
3 5 exchange of data. 



The initialization time TO is defined by the time 
separating a reference event R of the recognition 
protocol and the dispatching of the first transmission 
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datum PI of the antipirating phase ANP (Figure 3) . The 
reference event R can be defined for example by the end 
of the wakeup step RE, of the selection step SE or of 
the response step RP. 

5 

According to the present invention, the initialization 
time TO varies in a random manner with each exchange of 
data, the pirate relay can no longer determine the 
moment at which the datum PI is dispatched by the 
10 recognition device. Consequently, it cannot dispatch a 
previously recorded transmission datum Pie with an 
advance corresponding to the lag Atl + At 2 introduced 
by the outward and return journey in the pirate relays. 

15 According to a second embodiment of the present 
invention, the time interval T between the transmission 
of two successive data PI and P2 varies in a random 
manner within one and the same exchange of data and 
with each exchange of data. Figure 5 represents the 

2 0 time evolution of the transmission data PI, P2 , P3 
dispatched by the identification unit. The recognition 
device transmits a transmission datum P2 after a time 
interval T10 and a datum P3 after a time interval T20. 
The time intervals T10, T20, T30 are random and vary 

2 5 within a predetermined span but they are always greater 

than the reaction time between the transmission and the 
reception of a data item so as to avoid overlap between 
two successive data, 

3 0 Since the time interval T varies in a random manner 

within one and the same exchange of data and with each 
exchange of data, the pirate relay cannot dispatch a 
datum Pie recorded during a first exchange of data with 
an advance corresponding to the journey time through a 
3 5 pirate relay since it cannot determine the moment at 
which a transmission datum P2 will be transmitted. 

As a variant, it is possible to vary both the 
initialization time TO and the time interval T. The 
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initialization time TO and the time interval T are 
characteristic time parameters of the recognition 
device . 



5 According to a third embodiment of the present 
invention, the time interval T varies with each 
exchange of data between the recognition device and the 
identifying unit. Figures 6a and 6b represent the time 
evolution of the transmission data Pi, P2 , P3 

10 dispatched by an identification unit. During a first 
exchange of data (Figure 6a) , the recognition device 
dispatches transmission data PI, P2, P3, each one 
separated by a time interval T10. Then, during a second 
exchange of data (Figure 6b) , the time interval 

15 separating two successive data PI and P2 is different 
from the time interval T10 and is for example equal to 
the T20. Thus, it is not possible for the pirate relay 
to determine in advance the moment at which a data item 
is transmitted by the recognition device. 

20 

Moreover, the recognition device can perform a series 
of measurements of reaction time between the 
transmission of several data PI, P2 , P3 , P4 and the 
reception of the corresponding data P1R, P2R, P3R and 

25 take into consideration only certain measurements. For 
example, for one hundred reaction times measured in one 
and the same exchange of data, it would be possible to 
ignore all but the ninety smallest reaction time bits, 
so as to discard the abnormal reaction times due to 

3 0 communication glitches. More particularly, in this mode 
of calculation, one is given a predefined integer 
number of measured reaction times which will be taken 
into account. Specifically, the transmission of four 
data bits may give rise to only three reaction time 

3 5 measurements . 



As a variant and/or in combination with the above - 
described mode of taking bits into account, it is also 
possible to calculate the average of several reaction 
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time measurements and then to perform a comparison 
between the average obtained and a predetermined 
threshold value so as to conclude according to the 
result which this comparison yields whether the 
5 recognition device should or should not permit the 
unlocking of the vehicle. 



